package top.pmwly.controller;

import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;

/**
 * @author Herther
 * @version 1.0.0
 * @ClassName LoginController.java
 * @Description 登录
 * @createTime 2021年08月17日 13:06:00
 */
@Controller
public class LoginController {

    //@RequestMapping("/login")
    //public String login() {
    //    return "redirect:main";
    //}

    //@Secured("ROLE_admin") //只有admin角色才能访问
    //PreAuthorize表达式允许 ROLE_ 开头，也可以不加ROLE_开头，配置类是不允许 ROLE_开头的
    @PreAuthorize("hasAnyRole('admin')")
    @PostMapping("/toMain")
    public String toMain() {
        return "redirect:main.html";
    }

    @PostMapping("/toError")
    public String toError(){
        return "redirect:error.html";
    }


}
